1. Home
  2. Industrial Control Systems
  3. SC-2

SC-2: APPLICATION PARTITIONING

TAILORING FOR INDUSTRIAL CONTROL SYSTEMS

  • ICS Control Baselines:
  • Moderate
  • High

The information system separates user functionality (including user interface services) from information system management functionality.

SUPPLEMENTAL GUIDANCE

Information system management functionality includes, for example, functions necessary to administer databases, network components, workstations, or servers, and typically requires privileged user access. The separation of user functionality from information system management functionality is either physical or logical. Organizations implement separation of system management-related functionality from user functionality by using different computers, different central processing units, different instances of operating systems, different network addresses, virtualization techniques, or combinations of these or other methods, as appropriate. This type of separation includes, for example, web administrative interfaces that use separate authentication methods for users of any other information system resources. Separation of system and user functionality may include isolating administrative interfaces on different domains and with additional access controls.

ICS SUPPLEMENTAL GUIDANCE

Systems used to manage the ICS should be separate from the operational ICS components. Example compensating controls include providing increased auditing measures.

CONTROL ENHANCEMENTS

SC-2 (1) APPLICATION PARTITIONING | INTERFACES FOR NON-PRIVILEGED USERS

NOT SELECTED FOR THE NIST ISC CONTROL SET

The information system prevents the presentation of information system management-related functionality at an interface for non-privileged users.

Supplemental Guidance:

This control enhancement ensures that administration options (e.g., administrator privileges) are not available to general users (including prohibiting the use of the grey-out option commonly used to eliminate accessibility to such information). Such restrictions include, for example, not presenting administration options until users establish sessions with administrator privileges.

RELATED CONTROLS: SC-2 (1)

REFERENCES:

  • NIST Special Publication 800-82 | GUIDE TO INDUSTRIAL CONTROL SYSTEMS (ICS) SECURITY